We'll be right back.
But I had nothing to do with it.
I had set the record straight.
He's watching this on the web.
So now I'll feel really good, you know,
and he'll put me back in his will and stuff,
which is really important.
All right, so we're going to start off
with talking about what we're going to learn today
so that if it's not something you want to learn
or it makes you sad or it hurts you in some way,
you can walk out.
We're going to learn PHP basics and uses.
PHP is a web programming language.
It's very simple.
It lets you make dynamic web pages.
It's free.
It's not by Microsoft.
And it's not ASP.
So these are all very good reasons to use it.
Yeah, let's have a round of applause.
Yeah!
Yeah!
All right, we're going to talk about how to secure...
I feel so tall right now.
We're going to talk about how to secure PHP installations
and how to use encryption with PHP
so that you guys can protect your PHP scripts
and the information you store.
We're also going to talk about
how to make a link and email grabber,
which is the data mining.
So I give you guys code.
You can expand it, make it look really...
Put your little elite conversation in it, you know.
Put your little hacker name on the top of it
and run wild with it.
Wild with it.
We're going to talk about how to make a live search engine,
a lot like Astalavista,
but it's really fast.
It runs in PHP.
It's super quick.
You can basically search any web pages you want to
and get information off of them.
We're going to make a port scanner with PHP.
Do you guys know what that is?
We're going to emulate TCP/IP traffic
using PHP sockets.
It actually has a full...
It has a full implementation of sockets in it.
You can actually set up sessions
and communicate directly with a socket
on any server in the world.
I'm going to give you guys some ideas
for your own expansion of this code.
I know that this is just for you.
This will make you feel good about yourselves.
I want you to take what I did,
make it, like I said, look crazy, you know.
Add your little hacker speak to it stuff, you know.
Send it out on the internet.
Let the world see it.
Get the feds upset.
And the last part we're going to learn today
is how to last an hour in a hot conference room
without dinner.
Without dinner.
There won't be any dinner served, unfortunately.
Oh my gosh.
There we go.
All right.
Quick overview.
From the PHP manual,
PHP is an HTML embedded scripting language.
Much of its syntax is borrowed from C, Java, and Perl
with a couple of unique PHP features thrown in.
Basically what they did is they...
When they originally created the language,
they just wanted to be able to put, you know,
use variables on a web page
to be able to customize it.
So they wanted to be able to set it up
so that you could put any name on the page,
any information,
draw it out of a database.
That came second.
They want web developers to write
dynamically generated pages.
I'm going to show you guys an example
of a dynamically generated page.
Casey never saw one before.
He said sarcastically.
All right.
The beauty of PHP is that it outputs HTML
so you can dynamically shape web pages.
Its output is just HTML.
And you get to use the variables
and the structures in it
and the different aspects of it
to make customized HTML.
In addition,
it can build images with the GD library.
This is like one of the coolest things in the world.
It has a built-in library
that you can create your own images,
much like Logo,
for anyone who used to use that on the Apple IIe.
Woo!
Logo rules!
Then it became a weird Christian bookstore.
But, yeah.
So you can build your own graphics and images
using PHP.
It interacts directly with 15-plus databases.
It has native C support for 15 databases.
Not like an ODBC,
although it has that module in it.
Direct interfaces to very popular databases,
FileMaker,
Microsoft,
and MS SQL and Postgres.
It competes against ASP and JSP.
To give you guys some example,
it's in use now on 1.75 million websites,
which is a lot for a free technology
that had basically no commercial company behind it
until about seven months ago
when the two people who wrote it
decided to form Zend,
which is the commercial company.
Typical uses.
E-commerce.
People love using it for e-commerce
because it's so well-suited
for things like a shopping cart.
Basically, grab a bunch of information
out of a database,
total it up,
do a few little mathematics on it,
put like a smiley face on it,
a little shopping cart icon.
Everyone's happy in the world.
I created a commercial website two years ago
called Recommendo.com.
This is not a pitch.
Jehovah starts with an I.
And so Recommendo actually uses
the customization.
It uses,
it uses MySQL to do the database work on it,
creates the pages from templates.
The whole site is literally five pages,
and I use PHP to customize it
with includes and modules and things like that.
I'm going to start with the basics of PHP.
Can I just get a show of hands here
because this is like what you do when you talk?
How many people here have coded PHP before?
Fantastic.
That's so awesome.
When you go on Yahoo's job board
and you put in PHP,
there's like 10 jobs.
When you go to,
like guru.net,
I found like maybe like 30 jobs there,
but I knew that there's a larger community
of people out there using it.
And so we're going to use a few features
that you probably weren't familiar with before.
I'll stop for questions if you guys have them,
but make sure they're relevant
to what I'm talking about.
At the end of it,
if you want,
we can sit down and,
you know,
talk about how to do all the fun stuff with it,
how to do database,
you know,
how to do fake transactions,
whatever you want to talk about.
But if you want to ask questions,
make sure it's relevant to what we're talking about.
Okay.
Since you guys have some experience with PHP before,
I'll go over the basics for those who haven't.
Basically,
you announce PHP in the webpage.
So you start with two tags,
beginning and ending tag,
much like JavaScript
and much like JSP and ASP.
It's less than question mark PHP,
question mark greater than to close it.
All PHP lines end with a terminator.
That's the semicolon.
Semicolon doesn't get much work out in life,
but it gets much work out in programming languages.
PHP is compiled at run time,
so you get to control its speed and execution directly.
What's nice about that is it's not a bytecode language like Java.
It's actually compiled as you run it.
So you can use,
you know,
the world famous for-next loops to put pauses in the middle of your program,
have it accomplish things and have it seem like it's waiting,
you know,
but you get to control the program flow,
which is important.
PHP doesn't output anything until you tell it to with print or echo.
It's not like ASP,
which has some basic procedures in it and things that will automatically output to print.
You have to tell it to output the data.
I use UltraEdit to code PHP and this is a plug because this is like the coolest software in the world
and the second most thefted software in the world next to WinZip.
I thought you'd like to know that statistic,
but it has a PHP word file,
which is context highlighting and tag finishing for you too.
Quick technique,
how to do output.
You use print,
print or echo.
What is the difference between print or echo?
You don't care.
They both do the exact same thing,
except that when you use print or echo,
you're really using a function,
so you have to use a quotation mark and it depends how it processes the variables when it outputs it.
It always outputs standard out.
It's usually the browser. Printf, neat function.
It prints formatted text according to regex expressions.
So if you want to format your text and you want to put commas in the numbers or you know the right amount of decimal points,
you can do it from that.
You can escape in and out of PHP.
For example,
you could use at the top the title tag in HTML and you could do you know start PHP dollar sign foo and PHP parentheses home page.
They love this like when you do like a page for a business website and at the top it says like you sign in and you're like oh my username's Adam and then it says Adam's web page after it.
That's darling isn't it?
That's why that's like a lot of PHP and ASP it's like oh that's so sweet that's so darling.
All right, quick technique how to do variables here.
Okay, I'm looking right now is anyone asleep is anyone asleep I just started.
Okay, you do not need to declare variables.
PHP has automatic memory allocation and typing.
That's like the coolest thing.
You don't have to type your variables.
You don't have to declare them at the beginning.
PHP takes care of all your typing for you.
In fact, there's a whole series of commands that let you get the type for a variable.
They let you change the type of a variable and touch, poke 'em,
and prod variables.
It's fantastic stuff.
You initialize a variable simply by using it as an expression.
For example, dollar sign foo equals Adam.
Oh, where do you get that value from?
It establishes the variable foo as a string with the value of Adam.
Use gettype to determine the type of your variable.
It's either boolean, integer, double, string, array, object, resource, null which is new in PHP 4, or unknown type.
Yes sir?
Yes you can.
In fact, you can actually declare variables with the function and automatically say it can only hold doubles.
Or it can only hold integer numbers.
And then, like I said, as of PHP 4, you can actually have it be null.
Not, you know, just empty, but null.
And it's using a lot of database support.
Yes?
Right.
Yeah.
They accept a few.
I ran into that problem.
He's saying that when you start your PHP, you can actually do less than question mark.
And you don't need to put less than question mark PHP.
But I found some server incompatibilities between using that, like on Windows sometimes.
It thinks it's ASP.
And it sends it to the wrong, like when you use ISAPI with, what's the lovely Microsoft web serving product?
Blank now.
Yes, IIS.
When you use it with IIS 5, sometimes they'll try to process it as ASP.
And then it, like, Microsoft gets mad and they report you to the Fed.
Wait, I'm just kidding.
That last part, I'm totally lying about that.
Quick technique.
Arrays.
Arrays are the coolest part of PHP to me.
Because you can do a lot of stuff with it.
You basically can read the contents of a database into an array.
Sort it.
Play with it.
Manipulate it.
Send it home to your mom.
Because it's been bad.
You declare an array simply by saying dollar sign foo equals array, parentheses, and you
give it values.
It defines the variable foo as a two element array.
When you refer to that variable foo as a two element array, you're going to see that
variable.
How cool.
How quaint.
You just do dollar sign foo, element one, element two, element three.
Yes.
Excellent question.
He asks if you run into buffer overflows when you, because PHP takes care of your typing
and memory allocation.
I haven't run into any problems except when, basically, if you don't, when you do a while
loop.
You're running around inside of a while loop and you keep incrementing your index variable,
like I or something, and you forget to increment it, then basically it outputs like 3,000 times,
shuts down the Apache thread, gets really mad.
So that would be an example of it.
You just have to make sure to terminate your loops.
Just like if you're using BASIC, even.
It has a really neat sort function called natsort in it, PHP, that lets you sort your
array naturally.
So instead of one, two, three, four, instead of zero, one, zero, two, zero, three, zero,
four.
And also you could shuffle and randomize the elements of array.
This is really cute for kids' games, like when you're a kid and you do your flashcards.
Whoa.
Giddy up.
When you do your flashcards out there and it would actually, oh, that was cool.
Okay.
When you do your flashcards, you actually shuffle your array.
So you can do that.
Yes.
Okay.
Now, let me get here.
Yeah, I'm missing a little bit.
You're absolutely right.
I'm very bad.
He's pointing out here that I didn't in my presentation.
You're supposed to do quote X1, quote comma, quote X2, quote.
Oh, God.
I'm worthless.
All right.
How to handle flow in PHP.
You have this little option here.
Your while loop.
It's the greatest.
It's the strongest. It's the coolest thing in the world.
I'm going to get up and flex over it. While loops are the greatest thing in the
entire universe. They execute until or while a given condition
exists. So until i equals 10, keep executing.
It's much quicker than a for-next-loop and more flexible.
They have a new construct in PHP 4, which is basically like for-next-else, which uses
while. They also have if, else if, and else, which
is conditional. You guys probably know this from other programming
languages. If condition, then do this.
Else if, condition two, do this. Else, do this.
PHP has switch and case, which is really cool. A great example is you can say on day, do
these things. And if case is Monday, do this.
If case is Tuesday, do this. It's kind of a modified if and else if and
else, but it really looks very clean when you code it.
You have break and exit. Break pops you out of a while.
There's a while loop or a for-next-loop, and it's useful for searching and sorting, like
if you're doing a bubble sort. And then also exit, which terminates the script.
So this is how you can implement basic security in PHP.
So basically you can check the session or the user credential at the top of the page,
and then exit out of the script so nothing else goes on.
Yeah, I'll show you a while loop. You don't need a done.
It's implied. But you can use done.
Quick techniques that it has. Oh, bye, I'm sorry.
I'm really sorry. Go, go, get out of here.
All right, MySQL, free database. Just like Microsoft MS SQL, except it lacks
transaction support, which is not a problem, because you can actually emulate transactions
using PHP. PostgreSQL, more robust.
It actually has transactions in it. It's usually free, but it's less supported.
Two reasons why you should use MySQL with PHP. Number one, almost every single company
that provides PHP web hosting offers MySQL and not PostgreSQL.
And number two, as of PHP 4, the MySQL commands are natively compiled into the programming
language. So it's much faster, actually.
It has an ODBC connector, so you can connect to Bob's XYZ database as long as it uses ODBC.
And PHP, as I mentioned before, supports over 15 plus databases natively through modules.
All right, we're going to talk about the atypical uses for PHP.
Not like the mom and pop programming site shopping cart where you go out and you shop
for a few things, and then you have your little cookie come up, and oh, it gets all
confused and unhappy. We're going to talk about securing PHP and
using encryption. We're going to talk about data mining, which
is basically grabbing assets off other people's websites from a PHP server.
And we're going to talk about web security. Before I do that, I'm going to talk about
what I do. I'm going to show you guys a basic PHP script
now and my website. Yes, this is running on Windows, so everyone
can go, oh my God, why is he using Windows? That's so bad.
Windows is so horrible. All right, all you social engineers, look
at the name I named for my hard drive. What is the significance of that?
Could it be a reference to Jack Kerouac's On the Road?
Who knows? It's crazy.
Okay.
I use PHP with Xitami on Windows. I don't actually use IIS, and it's a good
thing because it runs much more quickly. Oh, yeah, I like that.
Okay. I crossed the country.
I've been gone for a month. I decided to end my road trip in Las Vegas.
This isn't just for show. This is something I've actually done.
And I made this website so my parents knew I was alive along the way.
So what I did, oh, isn't that sweet? Come on.
Oh, what a mama's boy. Yeah.
That would be okay if she weren't dead. No, I'm just kidding.
I'm just kidding. Mom, you're out there somewhere.
So I took a trip across the country on US 50, and I kept a website along the way.
And I wanted to very easily, I wanted to be able to update my website when I'm on the road.
And I wanted to do two important things. First, my mom should hear all the stories
about the happy people I met and all the national parks I went to.
Second, my mom shouldn't hear all the other stories about the people I met along the way.
You know what I'm saying? Like, those people you meet on the road.
Who's only, you know, their first name. And you're in a bar, and they're like,
let's dance. So you're like, okay, let's dance.
I'm in the middle of nowhere. And they don't give them your real name.
So the key was to actually prevent those stories from getting to my mom.
So what did I use? PHP.
I used it mostly because it was cheap and free and easy.
So this is my website. This is where I went across the country.
Doesn't look too harmful or anything. Okay.
First thing I did was.
These are links up here. Hidden links at the top left and top right.
This is the link to the super secret stuff that I don't want my mom to hear.
So of course I. Uh oh.
Whoa, there it goes.
I'll tell you, Windows is a beautiful thing.
So I protect this with the following code here.
Let's switch.
Let's go into my web.
PHP is very, very efficient.
I point this out to everyone.
And I will be using UltraEdit.
Which, in the spirit of my road trip, I got for free.
Okay, here's the basics of it.
I know it's going to be hard to see from the back because it's really, really tiny and small.
Basically, PHP can do HTTP authentication.
So what you can actually do is use a database of usernames and passwords.
And, you know, the blue sites, the porn sites, they really like this.
You can actually do.
Darn, darn.
I clicked the wrong file here.
Let's do.
Let's see here.
This one.
Okay.
At the top of the page.
So does.
Everyone here, since Microsoft employs most of us.
The reason is because you can't hate Microsoft that much, right?
They make us all.
Okay.
Everyone hates Microsoft.
Basically, you do the PHP HTTP authentication.
You can use the database to do it at the top of the page.
And I have it here.
Secretly also in my little gas section, actually.
There's a difference between PHP on Windows and Unix, ladies and gentlemen.
Right.
When you run it on Windows, you have to actually, you don't have to declare the variable, but when you make a comparison on a variable to see if it has contents or not, you have to use isset.
But when you run it on Linux, you can just say, if parentheses variable, then do these things.
So I set up a little section here.
I could upload my file from the web so I wouldn't have to actually set my laptop up and go crazy with it.
And I use PHP to actually do things like, stepping over here, I use PHP to set up which leg of my trip I was on.
So if I was on the US 50 section or if I was on the Route 66, it would show a different map to people.
It would show a different set of my journals.
And it would show different information, and hopefully not the secret stuff to my mom.
So that's a typical use of PHP.
Now we're going to get into the atypical use of PHP.
And let's start this up again.
Okay.
Securing PHP and encryption.
This is the general model of how you'll see PHP implemented.
Time check.
Anyone raise their hand and give me the time.
6.35.
We'll be done in 15 minutes.
All right.
On the left side you have Apache.
PHP is a module.
Please don't run PHP as CGI.
When you were talking about buffer overflows earlier and memory allocation problems, basically every single CGI spawns its own process off the Apache, off the Apache kernel.
And it's just a mess for PHP.
It slows down your scripts for you significantly.
So you'll have SSL and you'll have Perl in there too.
And then you can see I have PHP and MySQL.
When you install PHP on Linux, make sure you do the dash dash with Apache switch.
That's how you compile it as a module in Apache.
Installation on Windows.
They have a nice new setup program for PHP that they just debuted with PHP 4.0.5.
But normally you just unzip it.
Like I said, two things.
Don't run it as CGI, and don't run it on Windows 2000 as an ISAPI module.
Securing your installation.
Verify that PHP is running under the nobody Linux user.
PHP 3.0 didn't do that by default.
You had to set it.
Always clean HTML out of form input.
Make sure, please, that you take the actual, you can do a strip HTML and actually strip HTML out of form input.
Because otherwise you're going to get people putting their own little links there and the crazy stuff.
Never let a user directly execute a system command based on input.
This is practical sense for most of us.
But you can actually use exec to execute commands on a Unix box from PHP.
So don't do something stupid like, here, enter your system command in this form and I'll execute it on my box.
Right.
Bad idea.
I'm telling you right now.
Even if you're my mom.
Filter.
She's dead, you know.
Filter uploads.
Filter uploads and partition your directories out.
One very handy trick I found is that you should not put all your scripts in one single directory.
Because once they know that that's the location of it, they can reference your scripts directly.
And some Apache configurations actually output PHP as text if you reference the file directly.
So then they can look at your passwords, etc.
And always run the latest build.
There's a vulnerability in 4.0.1.
I have to point this out because it's really, that it basically forgets to, it forgets to encrypt your data.
And you can't use sockets right.
And there was a small mistake on their part.
A few words about MySQL and PHP.
Use PHP includes to partition your database's username and passwords.
What that means is, include simply takes a file, sticks it into the middle of your executing application.
So put your username and password in the include file.
And then step it up.
And take your PHP file that contains your username and password, put it above the www tree.
So that, it's just, it's just a precaution.
So that one time when you forget and you name your index dot PHP page index slash slash dot PHP, and it decides to do a directory listing for you, that they can't find out that file that says name of my database, username and password.
Set up your security properly to limit full access to certain usernames in MySQL.
And set up separate read and write users.
Yes.
Pardon me.
Oh yes.
You can actually, like I said, you can execute Unix commands from PHP.
And you could, so you mean, is it insecure, and that you could set yourself as root and go ahead and execute a few things.
Yes, you could, if you had control of your own server.
But most of the, most of the commercial installations that you'll find out there in the web host, like PHP web hosting, which is a plug for them because they're awesome, they're ten bucks and they have like unlimited databases and everything, they usually will lock it down so you can't execute system commands from PHP.
You just want to change the user that you're running the command under.
Yes, you can do that.
From exec is the command.
And you could run set UID on it.
And back up your SQL data.
All right.
Use encryption and hashes.
There are two types.
Encrypt.
Encrypt and encrypt decrypt uses cipher, key, data, and mode to encrypt bytes.
So you can actually encrypt and decrypt.
And then there's one way encryption in PHP, which is MD5.
Everyone knows MD5 by now.
It's the fucking coolest thing.
Or did I just swear.
All right.
It generates a message digest, 32 character representation of strings of any length.
It's useful for storing passwords.
It's useful for creating hashes.
Always store passwords and credit cards with an MD5 hash of it.
PHP has global variables.
It reports every time you run PHP info to dump all of your data, all the global variables.
Important ones: HTTP referer, their last location.
Their browser and user agent.
Remote address, their IP address, which is something I use when I, when I set up that security on my website.
I was telling a story earlier.
One of my friends thought it would be so cool to try to hack the HTTP authentication, because apparently that's all the time he has in his world, is to go into my website and read about, you know, where I've been.
And so what I did is I set up a little script there to, every time he tried it, to email me the passwords he would try and his IP address.
So I could watch him every time.
And then I'd call him on the phone right after he did, because I had an email to my little, like my Panasonic phone.
I'd go, stop trying to hack my website.
Stop it.
I'll tell you what's there.
You know, it's all stories about your mom.
I could do that every single time.
And then HTTP cookie vars, which is an associated array of all the cookies that are passed.
Okay.
Data mining.
Just like our little, just like our little Dig Dug friend would.
Okay.
We're going to, we're going to basically use pattern matching, regular expressions, to grab data from websites.
Now, this is a code example.
You guys can write it down, or afterwards I'm going to have this little pad up here, and if you want to write me your email, you know, and your fake name, your crazy hacker name, if you want, I'll email you guys my presentation or any of the code you want.
I'm going to step through it really quickly for you guys.
This is it.
This will let you grab links or email off people's page.
The first step is set the URL.
The second step is set the HTTP by default.
How cool is that.
So the first thing you do is you grab a file, which is the URL.
The file command recognizes HTTP.
And then you implode it, as you see there.
I implode it on nothingness, so I grab everything out of it.
And then I use a pattern match here.
You'll see here href, a href equals, which is, you know, a link, for everyone who programs HTML, on the page.
Get the number of matches.
Then run a while.
This is the while and list construct.
It'll separate everything out into a list, and then it will grab all your matches for you, and then it will print them out for you.
See, those two lines are tied there.
Set your desired URL.
Quickly grab the contents of a page.
Match all a hrefs for links.
Cycle through the matches.
And then print them formatted with the URL.
Well, hopefully this is just the germ of an idea, because what I'd like to see people do is to use regular expressions, or P regular expressions, which are POSIX compatible, to match email addresses.
I'd like to see the URLs be written to a file, which would be very handy to have.
So you go about your work day and you come home and you find an entire website's links cataloged, or any other asset for that matter.
You can match images.
You can match email addresses.
You can match references to their mom.
Whatever you want to do.
You want to go to hp.com and search everywhere on every one of their pages for email addresses, write them to a little file for yourself and have them, you can do that with the magic of PHP.
You can also follow URLs off of the HTTP, so you can go, you know, three or four levels deep.
My live search engine that I designed.
These are pretty basic PHP concepts once you step beyond the regular database and variables and arrays and things.
Basically, I do two arrays there.
I while through the arrays.
I grab the contents of a URL.
I'm essentially reading the entire chunk of a web page into a variable so I can play around with it.
And then I go ahead and loop through the whole page and look for the word sexy there and do a pattern match.
So at the bottom: an array of URLs to check out.
Initialize the index variable.
Loop as long as there are URLs yet to read, which is in my URL array at the top.
Read an entire page in a variable.
Dump the number of matches that contain the pattern, space or plus space.
In this case I for the word or on the.
And print the result as a formatted URL with number of matches, and loop through it.
Ideas I for this: link to a database of submitted URLs and then read into array.
That's what Astalavista does.
This is pretty much what they do exactly.
They let people submit their security and cracking URLs and they live search, except lately they've been kind of modifying it so there's about like a day or two lag where actually perform the searches using a cron job and then they keep the index there.
It's useful for news and info searches.
You want to save your matches into a database, and you can maybe create a simple index just like Astalavista does.
Just make sure to refresh it.
Web security.
Oh, this is that one of those phrases when you mention it, like, everyone's ears perk up, you know, and they start to think about the dump.
Okay.
This guy, I to point out, there's a guy up here, I don't know, he's not wearing a shirt.
I can't look over on this side.
A little distracted.
Like, I know it's hot in here, but we all have cover up.
But you know what, I'm just taking my shirt off to now.
Yeah, come on.
Depends how much applause and dollars I get shoved in my drawers.
Okay.
PHP.
With.
Socket.
Read.
Rights.
Can.
Monitor.
Websites.
And.
Servers.
There's.
A.
Out.
There.
Called.
Internet.
Seer.
Has.
Anyone.
Heard.
Of.
This.
Company.
They.
Do.
Free.
Monitoring.
Your.
Website.
To.
Make.
Sure.
It's.
Up.
And.
They.
Charge.
You.
They.
Monitor.
It.
Every.
Hour.
But.
They.
Charge.
You.
If.
You.
To.
It.
They're.
Using.
Comm.
Objects.
To.
Go.
Out.
And.
Check.
Your.
Ports.
And.
It's.
Really.
Really.
Slow.
It's.
Slow.
Just.
Because.
It's.
Microsoft.
It's.
Slow.
Because.
It.
Requires.
Like.
Tremendous.
Server.
Overload.
To.
Do.
It.
I'd.
Like.
To.
Really.
Try.
And.
That's.
One.
Of.
My.
Goals.
Maybe.
For.
The.
Rest.
Of.
The.
Year.
To.
Write.
An.
Open.
Source.
Security.
Scanner.
Using.
PHP.
But.
I.
Invite.
Everyone.
Here.
To.
Do.
It.
Because.
They're.
Inspired.
All.
Right.
Windows.
And.
Web.
Scanner.
I.
Do.
Something.
Very.
Simple.
At.
The.
Top.
And.
While.
Through.
It.
And.
I.
Go.
And.
I.
Use.
A.
Shortcut.
As.
Pointed.
Out.
Earlier.
F.
Sock.
Open.
F.
Sock.
Open.
Opens.
A.
Socket.
Now.
It's.
A.
Shortcut.
Because.
Actually.
Takes.
Care.
Of.
The.
Negotiation.
Based.
On.
What.
You.
Feed.
It.
Here.
I'm.
Feeding.
At.
W.
W.
W.
Dot.
Yahoo.
Dot.
Com.
It.
Would.
Take.
Care.
Of.
Initialization.
You.
Know.
The.
Little.
Hello.
String.
Hey.
I'm.
So.
Happy.
To.
See.
You.
And.
Takes.
Care.
Of.
Closing.
It.
For.
You.
It's.
A.
Little.
Shortcut.
I.
Feed.
It.
A.
Port.
From.
My.
Array.
And.
Then.
I.
Just.
Simply.
Output.
Whether.
The.
Ports.
Open.
Or.
The.
Ports.
Closed.
This is lightning fast when it does this.
You could scan, you know, you could scan your,
your would be really nice idea is
everyone who owns their own consulting company here
would basically set up a
if want to email it to your friends like I did with mine.
And, oh, that's the other thing I did
after he started like hacking into any
tried to guess my password,
which, by the way, it's not that sophisticated of password.
I'm using like letters, numbers, and crazy symbols.
He's just go one thousand twenty four and below.
Maybe you want to look for SubSeven.
Maybe you want to look for Napster running.
Idea: output results to text file
and loop through several URLs.
So modify my code,
and instead of just looping through the ports,
do a higher level while loop
and loop through different URLs.
Also, scan a range of IP addresses for vulnerabilities.
Wow.
What that mean?
Well, you're the uber hacks or track
figured out for yourself.
Okay.
The last one is the TCP/IP Activator.
That's right.
One night only.
TCP/IP Activator.
First you start with an fsockopen at the top,
and then you go ahead and say,
oh, can you connect?
If not, die.
You can feed any strings via PHP to the desired server.
You could emulate a browser of your choosing.
You could emulate an entire web page that's being sent to page.
Plus, you can use it to read, like said,
and communicate in raw sockets
using the sockets implementation in PHP.
So I simply here send a variety of useless information out of a
and I grab useless information off their server.
Open a socket to a host with time out
if no access to the port and execution
so that you don't you like pretty much die
if you can't open a web connection.
Form a standard HTTP start request
and loop through the file that you want into the end.
Grab some of their lines, display them.
And you can write to it with fputs and fgets.
I use fgets and fputs here.
You'll see I put the header there
and I get the information off their web page.
But you can also put information to someone's
you could set it for Microsoft.
Write that one down.
Another idea is to the time out feature.
Create a mini TCP or IP server.
Since you can control the execution of your PHP scripts,
set up your own little PHP web server.
There go be fairly undetectable.
It wouldn't show up as Apache if someone were to query it.
You can it show up as anything you want it.
Test the number of simultaneous HTTP or FTP connections
your host can handle.
Very cool.
Or you can just try flood it and if shuts down.
And lastly, send malformed headers to the page.
This is the conclusion.
Thus ends our fun, our trip here.
I talked about data mining and web security today.
How to secure PHP, tune up your PHP installation,
and use encryption.
Please, please.
PHP is new.
It's happy.
People are loving it.
People are starting to get that PHP vibe.
You hear people whispering on the street,
hey, you hear about PHP?
So let's not create like a bunch of really insecure, crappy scripts
that have a of like, you know, holes in them
so that you can go get your like latest server for one dollar
because you change the form header and variable from page page.
Please use security.
Please filter out HTML.
Please don't set the user ID to root
and then delete an entire directory just because you want to.
Data mining: how to use PHP's regular expressions
and the fact that native rights HTTP and FTP
to collect URLs, email addresses, and anything else you want,
naked pictures of the star of your choice,
all throughout the web.
Web security: create a simple port scanner
and that scans for Windows or web ports.
I did an example of both.
And then also TCP client server.
What's next?
Like to see a full featured TCP/IP server
handling multiple sockets and streams.
It can be done.
PHP is really fast running on your box at home.
PHP version of GRC.com Shields Up.
You guys know who Steve Gibson is, right?
He's this like latest flap with Microsoft over, right,
the raw sockets implementation in Windows XP
is like this kind of,
my personal opinion him is kind of this glory hound,
is kind of like, you know,
just happy that someone's listening to him.
You probably is holed up in some room somewhere.
You know, his mom didn't love him when he was a kid.
And he's happy because everyone raises their hand and goes,
I've been to Shields
and processes running.
I don't lock down the database or do any of things in it.
This is very simple.
PHP front ends to TCP/IP clients
like Windows Messenger and Amster.
Windows Messenger is the MSN Messenger that comes with Windows XP.
It's like the integrated NetMeeting meets
when hello, sir.
Okay, take your seat.
It's the integrated client for it.
There's product called phpGroupWare,
which is an open source groupware product
that's intended to compete with Exchange.
It's kind of the business
it's the website for PHP.
The commercial company is Zend Technologies.
Zend started by the two guys who recoded it.
They use the Zend engine for free in PHP for
and PHP homepage has a full language reference
and has kind of an integrated user community
so you get a of your questions answers.
phpwizard.net.
They have an application there called phpMyAdmin,
which lets you basically admin your MySQL databases
from a web-based interface.
So don't code that on your own,
'cause it's already been done and it's awesome.
And also code examples there,
including a PHP chat client.
phpbuilder.com,
which is just purchased by internet.com,
so it suck today, I don't know.
But it was a really great reference source.
They would have weekly articles
on kind of pushing the boundaries of PHP.
So phpbuilder.com is a really good site.
And devshed.com.
They have a of great articles from beginner to advanced.
They have a complete walkthrough
how set up your own PHP, Apache, MySQL, and SSL implementation.
They have a lot of different information
on using PostgreSQL as well as MySQL.
All right.
I want to take time at the end for questions.
First, were any questions about my presentation?
Okay.
Yes.
One.
Yes.
Yeah, that's a good point.
That's a good point.
If we're doing a commercial website,
you might want to have a company
that handles your credit card processing for you
so you don't have that liability.
Please come up here.
My name is Adam.
Thank you very much.
Thank
